10-05-2020 12:55 PM
In the attached diagram, firewall A is the external firewall used for VPN and C is the internal firewall with direct connections to the ISP used for internet access. Users are on VLANs 1, 2, 3 on switch D, and the switch is connected to firewall C through a trunk; on firewall C the interface has subinterfaces for the VLANs connected to switch D. So now what I need is to set up VPN on firewall A and let the VPN reach users on switch D in VLANs 1, 2, 3. What I'm planning is to connect the firewall A inside interface to switch B on a VLAN and create an SVI on switch B, then on firewall C make the B-to-C connection on the same VLAN as the firewall A inside interface, let's say the IP 1.1.1.1. And in order to let VPN users on firewall A reach users on switch D, I make a static route with gateway 1.1.1.1? Is this correct? Will firewall C route traffic between switch D and firewall A?
10-05-2020 01:26 PM
Hi @baselzind
You don't even need to create an SVI on Switch B. If you make sure the FW-A to SW-B and SW-B to FW-C interfaces are in the same VLAN, the FW-A and FW-B devices will be able to communicate with each other. Therefore, on FW-A define static routes for the SW-B networks (VLANs 1, 2 and 3) with the FW-B outside interface as the next hop. On FW-B define a default static route via FW-A if required.
HTH
10-05-2020 01:34 PM
Thanks for the info, but you said to set static routes for VLANs 1, 2, 3 on FW-A towards the FW-B outside IP? There is no FW-B. Did you mean the FW-C outside interface, which is connected to switch B?
10-05-2020 01:46 PM
Sorry, yes I meant FW-C. Yes, the outside interface would be the interface connected to SW-B.
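As an added illustration of the routing discussed in this thread (not code from either poster), the script below models the two firewalls' static routes with longest-prefix match and traces both directions of a VPN-client-to-VLAN flow. All addresses, the VPN pool, the VLAN subnets and the ISP gateway are constructed placeholders; it assumes FW-C's existing default route points at the ISP, so the return path to the VPN clients needs a more specific route on FW-C via FW-A.

```python
# Added example: minimal longest-prefix-match model of the FW-A / FW-C routing
# tables from the thread. All addresses below are constructed placeholders.
from ipaddress import ip_network, ip_address

# Constructed addressing (hypothetical): transit VLAN between FW-A and FW-C,
# the three user VLANs behind SW-D, and the VPN client pool terminated on FW-A.
FW_C_OUTSIDE = "1.1.1.1"     # FW-C interface facing SW-B (next hop from FW-A)
FW_A_INSIDE = "1.1.1.2"      # FW-A inside interface (next hop from FW-C)
ISP_GW = "203.0.113.1"       # FW-C's Internet default gateway (TEST-NET-3)
VLANS = ["10.1.0.0/24", "10.2.0.0/24", "10.3.0.0/24"]   # VLAN 1, 2, 3 subnets
VPN_POOL = "192.168.100.0/24"                          # VPN client addresses


def lookup(table, dst):
    """Return the next hop for dst using longest-prefix match, or None."""
    dst = ip_address(dst)
    matches = [(net, nh) for net, nh in table if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def build_tables(fwc_vpn_route=True):
    """Static routes per the thread: FW-A reaches the VLANs via FW-C outside;
    FW-C knows the VLANs directly and defaults to the ISP. The optional
    VPN-pool route on FW-C is what sends return traffic back to FW-A."""
    fw_a = [(ip_network(v), FW_C_OUTSIDE) for v in VLANS]
    fw_c = [(ip_network(v), "SW-D trunk subinterface") for v in VLANS]
    fw_c.append((ip_network("0.0.0.0/0"), ISP_GW))
    if fwc_vpn_route:
        fw_c.append((ip_network(VPN_POOL), FW_A_INSIDE))
    return fw_a, fw_c


def trace(fwc_vpn_route=True):
    """Next hop chosen by FW-A for a VPN-client-to-VLAN-2 packet, and by FW-C
    for the reply back to the VPN client."""
    fw_a, fw_c = build_tables(fwc_vpn_route)
    forward = lookup(fw_a, "10.2.0.50")       # VPN client -> host on VLAN 2
    back = lookup(fw_c, "192.168.100.7")      # VLAN 2 host -> VPN client
    return forward, back


if __name__ == "__main__":
    print("with VPN-pool route on FW-C:   ", trace(True))
    print("without VPN-pool route on FW-C:", trace(False))
```

Without the more specific route, FW-C's longest match for the VPN pool is its ISP default, so replies leave toward the Internet instead of FW-A and the VPN session never completes.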